Functional Safety in Lattice FPGAs
Posted 03/29/2016 by David Wang
It is hard to overstate the importance of the modern industrial production line. Virtually every product you own was crafted in whole or in part using this sort of technique. Yet from the earliest days, industrialization has brought risks for the workers. Sometimes it can seem as if the history of industrialization is a history of balancing the safety of workers against the power, speed and promise of industrial production techniques. To help manage these concerns, a number of safety protocols and standards have been developed, tested and proven over time. Particular attention has been paid to the machinery that makes up a production line, where techniques such as self-diagnosis and redundancy can help mitigate risk factors.
In modern production systems, functional safety also means managing the risk factors of the various electronic components in the machinery of the production line, including the microchips that run these systems. ASICs have often been seen as preferable for the industrial line, because their fixed functionality makes it easier to test them for safety considerations. However, in many situations the flexibility of FPGAs can provide critical functionality for a system, or can greatly reduce the complexity required to run a given piece of machinery. Lattice has developed an extensive set of procedures, including the V-model FPGA design flow, that allow our FPGAs to conform to the safety specifications that are standard in the industry.
The safety philosophy for electrical and programmable systems is driven by the IEC61508 standard. This standard focuses on monitoring normal function and controlling for abnormal situations, and is often used in industrial automation. The level of functional safety required varies with the demand rate, that is, how often the safety function will need to act during a year. By analyzing all possible critical system issues and performing a risk analysis, the required Safety Integrity Level (SIL) for a system is determined. Potential types of failures are identified and classified as either stochastic (random failures that are not predictable) or systematic failures.
Stochastic failures can be reduced by implementing diagnostics and redundant systems. Lattice provides its customers with the failure rates and the soft error rates for all safety-recommended components, allowing the failure rates of these components to be included in the overall machinery analysis.
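As an added worked example (not Lattice's code and not part of the original post), the following Python shows how the two ideas in the last two paragraphs fit together: a device failure rate is folded into the IEC 61508 PFH bands to read off a SIL, a single channel is compared against a triple-modular-redundant set, and a majority voter both masks and reports a single soft error, which is the diagnostics-plus-redundancy approach described above. The 50 FIT rate, the one-year interval and the register values are constructed for illustration, and all function names are my own.

```python
"""Stochastic failures, redundancy and diagnostics: an added example.
Constructed numbers throughout; not vendor data."""
import math

# IEC 61508 PFH bands for high-demand / continuous mode, in dangerous
# failures per hour: [lower, upper) -> SIL level.
SIL_BANDS_PFH = (
    (1e-9, 1e-8, 4),
    (1e-8, 1e-7, 3),
    (1e-7, 1e-6, 2),
    (1e-6, 1e-5, 1),
)


def fit_to_per_hour(fit: float) -> float:
    """Convert a FIT rate (failures per 1e9 device-hours) to failures per hour."""
    return fit / 1e9


def sil_band(pfh: float):
    """Return the SIL whose PFH band contains `pfh`, or None if outside SIL1-4."""
    for lower, upper, sil in SIL_BANDS_PFH:
        if lower <= pfh < upper:
            return sil
    return None


def simplex_failure_probability(lam: float, hours: float) -> float:
    """Probability that one channel with constant failure rate `lam` fails within `hours`."""
    return 1.0 - math.exp(-lam * hours)


def tmr_failure_probability(lam: float, hours: float) -> float:
    """Probability that a triple-modular-redundant set loses its majority
    (two or more of three channels fail) within `hours`, assuming independent
    channels.  Common-cause failures are not modelled; IEC 61508 handles them
    with a beta factor, which would raise this number."""
    p = simplex_failure_probability(lam, hours)
    return 3 * p**2 - 2 * p**3


def majority_vote(a: int, b: int, c: int):
    """Bitwise 2-of-3 voter with a diagnostic output.
    Returns (voted_value, mismatch): the voted value masks any single
    corrupted channel, and `mismatch` is True whenever the channels disagree,
    so a soft error is both masked and reported to the system."""
    voted = (a & b) | (a & c) | (b & c)
    mismatch = not (a == b == c)
    return voted, mismatch


def example() -> dict:
    """Constructed scenario: a 50 FIT device (treated conservatively as all
    dangerous failures), a one-year mission, and one channel hit by a
    single-bit soft error."""
    lam = fit_to_per_hour(50.0)          # 5e-8 failures per hour (constructed)
    hours = 8760.0                        # one year of continuous operation
    good = 0b1011_0010                    # constructed register value
    flipped = good ^ 0b0000_0100          # single-event upset in one channel
    voted, mismatch = majority_vote(good, flipped, good)
    return {
        "simplex_sil": sil_band(lam),
        "p_simplex_year": simplex_failure_probability(lam, hours),
        "p_tmr_year": tmr_failure_probability(lam, hours),
        "voted_equals_good": voted == good,
        "mismatch_flagged": mismatch,
    }


if __name__ == "__main__":
    for key, value in example().items():
        print(f"{key}: {value}")
```

The voter is the part that belongs in the FPGA fabric; the probability functions are the part that belongs in the machinery-level safety analysis, which is where the vendor-supplied failure and soft error rates are consumed. Note that the TMR figure only improves on the simplex figure while channel failures are independent; shared clocks, power rails and configuration memory introduce common-cause failures that the standard's beta factor accounts for.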
Systematic failures can be mitigated by careful product management. This includes management of documentation and requirements, the organization and responsibilities of the development team, the definition of methods, and validation and verification.
While the specific techniques may vary between ASIC and FPGA, the underlying philosophy is consistent in the IEC61508 standard.
Finally, management and validation of the relevant software (or tools) that accompanies the FPGA is required. Here, many of the same techniques apply to both ASIC and FPGA. TÜV Rheinland has conducted a third-party audit of the Lattice tool suite "Diamond 2.1" and certified it for safety designs according to IEC61508 up to SIL3.
The tension between the benefits of increasing automation and safety considerations will continue to be a concern throughout many industries. In this industry, FPGAs that can adhere to the highest quality and external safety levels will continue to allow machines to be built that are functional, efficient, and safe.